Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_JAVA_2024_08_01.NASLHistoryAug 13, 2024 - 12:00 a.m.
IBM Java 7.1 < 7.1.5.23 / 8.0 < 8.0.8.30
2024-08-1300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
ibm java
version vulnerability
security update
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
17.7%
The version of IBM Java installed on the remote host is prior to 7.1 < 7.1.5.23 / 8.0 < 8.0.8.30. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update August 2024 advisory.
- The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573. (CVE-2024-27267)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(205473);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/30");
script_cve_id("CVE-2024-27267");
script_name(english:"IBM Java 7.1 < 7.1.5.23 / 8.0 < 8.0.8.30");
script_set_attribute(attribute:"synopsis", value:
"IBM Java is affected a vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of IBM Java installed on the remote host is prior to 7.1 < 7.1.5.23 / 8.0 < 8.0.8.30. It is, therefore,
affected by a vulnerability as referenced in the IBM Security Update August 2024 advisory.
- The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0
through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management
of ORB listener threads. IBM X-Force ID: 284573. (CVE-2024-27267)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1");
# https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_August_2024
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c74b01ad");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the IBM Security Update August 2024 advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-27267");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/01");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:java");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ibm_java_nix_installed.nbin", "ibm_java_win_installed.nbin");
script_require_keys("installed_sw/Java");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_list = ['IBM Java'];
var app_info = vcf::java::get_app_info(app:app_list);
var constraints = [
{ 'min_version' : '7.1.0', 'fixed_version' : '7.1.5.23' },
{ 'min_version' : '8.0.0', 'fixed_version' : '8.0.8.30' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
Related
redhatcve
redhatcve
CVE-2024-27267
2024-08-16 00:12:26
cve
cve
CVE-2024-27267
2024-08-14 16:15:10
cvelist
cvelist
CVE-2024-27267 IBM SDK, Java Technology Edition denial of service
2024-08-14 15:59:46
ibm
ibm
vulnrichment
vulnrichment
CVE-2024-27267 IBM SDK, Java Technology Edition denial of service
2024-08-14 15:59:46
nvd
nvd
CVE-2024-27267
2024-08-14 16:15:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:3162-1)
2024-09-09 00:00:00
openSUSE: Security Advisory for java (SUSE-SU-2024:3162-1)
2024-09-07 00:00:00
osv
osv
Security update for java-1_8_0-ibm
2024-09-09 21:11:58
Security update for java-1_8_0-ibm
2024-09-06 10:18:01
nessus
nessus
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2024:3183-1)
2024-09-11 00:00:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
17.7%
Related for IBM_JAVA_2024_08_01.NASL